$ nmap -p- -T4 -A 10.10.11.105
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 ee:77:41:43:d4:82:bd:3e:6e:6e:50:cd:ff:6b:0d:d5 (RSA)
| 256 3a:d5:89:d5:da:95:59:d9:df:01:68:37:ca:d5:10:b0 (ECDSA)
|_ 256 4a:00:04:b4:9d:29:e7:af:37:16:1b:4f:80:2d:98:94 (ED25519)
80/tcp open http nginx 1.14.0 (Ubuntu)
|_http-server-header: nginx/1.14.0 (Ubuntu)
|_http-title: Did not follow redirect to http://horizontall.htb
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Devzat
OS command injection, port forward
InfluxDB-Exploit
Driver
SCF File Attacks, SMB Exploit via NTLM Capture
CVE-2021-1675 printnightmare
Previse
Previse: gobuster find directories, with burpsuite bypass redirect,
BountyHunter
BountyHunter:XML external entity (XXE) injection
Traverxec
Traverxec:
nostromo 1.9.6 – Remote Code Execution
Shocker
Shocker:shellshock (Apache mod_cgi)
Writeup
Writeup:CMS Made Simple < 2.2.10 - SQL Injection;PATH HIJACKING
OpenAdmin
OpenAdmin
Pikaboo
Pikaboo